Hy!
I have got a malware notofication regarded to one of the Linux VM. Te report is: Potential malware activity detected. Detection source: Encrypted data.
How can I identify that why Veeam say there are encrypted data? Are there any log?
I cannot use Scan backup on Linux backup...
Thanks.
-
adam900331
- Veteran
- Posts: 305
- Liked: 22 times
- Joined: Dec 01, 2019 7:27 pm
- Contact:
-
david.domask
- Veeam Software
- Posts: 1425
- Liked: 365 times
- Joined: Jun 28, 2016 12:12 pm
- Contact:
Re: Potential malware activity detected
Hi adam900331,
Encrypted data alert would come from the Inline Scan feature of Malware detection -- do give the User Guide page a read to better understand how it works, but briefly, the backup data-stream is analyzed and checked for potential signs of encryption. Because it's analyzing the data blocks in flight, there isn't a 1:1 match of "This file looks suspiciously encrypted" as the block in the data-stream doesn't have such a relationship.
Start by checking the Malware Events section in general, but for the encryption alerts it's best to just do a scan on the flagged machine itself or see what processes are running. It is possible this is a false-positive, but it's best to check the machine itself.
Encrypted data alert would come from the Inline Scan feature of Malware detection -- do give the User Guide page a read to better understand how it works, but briefly, the backup data-stream is analyzed and checked for potential signs of encryption. Because it's analyzing the data blocks in flight, there isn't a 1:1 match of "This file looks suspiciously encrypted" as the block in the data-stream doesn't have such a relationship.
Start by checking the Malware Events section in general, but for the encryption alerts it's best to just do a scan on the flagged machine itself or see what processes are running. It is possible this is a false-positive, but it's best to check the machine itself.
David Domask | Product Management: Principal Analyst
Who is online
Users browsing this forum: No registered users and 39 guests